
Mikrotik Rules

a guest
Nov 24th, 2014
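  # Layer-7 payload patterns, referenced from mangle rules via layer7-protocol=<name>.
  # RouterOS string escaping sits on top of the regex: "\\" is one literal backslash,
  # "\?" is a literal "?", "\$" is a literal "$"; a trailing "\" continues the string.
  # The L7 matcher only looks at the start of a connection (documented as the first
  # 10 packets / 2 KB) and the payload is fully sender-controlled, so treat these
  # patterns as a best-effort QoS hint, never as an access-control decision.
  /ip firewall layer7-protocol
  # SIP request line. No mangle rule in this listing uses layer7-protocol=sip (SIP is
  # marked through connection-type=sip instead), so this entry appears unused here.
  add name=sip regexp="^(invite|register|cancel|message|subscribe|notify) sip[\\x09-\\x0d -~]*sip/[0-2]\\.[0-9]"
  # Matches any payload of at least 16 bytes whose third byte is 0x02.
  # Extremely loose: unrelated traffic will match, so expect false positives.
  add name=skypetoskype regexp="^..\\x02............."
  # Matches when the first payload byte re-appears within the following 1-9 bytes.
  # The regex engine has no back-references, hence one alternative per byte value
  # 0x01-0xff. Evaluating 255 alternatives per packet is CPU heavy.
  # Fix: the alternative for 0x5c (backslash) was written as "\\" in the paste, which
  # RouterOS reads as a single regex backslash that escapes the next character; that
  # broke the 0x5c and 0x5d alternatives. It is now "\\\\" like the upstream pattern.
  add comment="Skype<->POTS phone calls" name=skypeout regexp="^(\
      \\x01.\?.\?.\?.\?.\?.\?.\?.\?\\x01|\\x02.\?.\?.\?.\?.\?.\?.\?.\?\\x02|\\x03.\?.\?.\?.\?.\?.\?.\?.\?\\x03|\
      \\x04.\?.\?.\?.\?.\?.\?.\?.\?\\x04|\\x05.\?.\?.\?.\?.\?.\?.\?.\?\\x05|\\x06.\?.\?.\?.\?.\?.\?.\?.\?\\x06|\\x07.\?.\?.\?.\?.\?.\?.\?.\?\\x07|\
      \\x08.\?.\?.\?.\?.\?.\?.\?.\?\\x08|\\x09.\?.\?.\?.\?.\?.\?.\?.\?\\x09|\\x0a.\?.\?.\?.\?.\?.\?.\?.\?\\x0a|\\x0b.\?.\?.\?.\?.\?.\?.\?.\?\\x0b|\
      \\x0c.\?.\?.\?.\?.\?.\?.\?.\?\\x0c|\\x0d.\?.\?.\?.\?.\?.\?.\?.\?\\x0d|\\x0e.\?.\?.\?.\?.\?.\?.\?.\?\\x0e|\\x0f.\?.\?.\?.\?.\?.\?.\?.\?\\x0f|\
      \\x10.\?.\?.\?.\?.\?.\?.\?.\?\\x10|\\x11.\?.\?.\?.\?.\?.\?.\?.\?\\x11|\\x12.\?.\?.\?.\?.\?.\?.\?.\?\\x12|\\x13.\?.\?.\?.\?.\?.\?.\?.\?\\x13|\
      \\x14.\?.\?.\?.\?.\?.\?.\?.\?\\x14|\\x15.\?.\?.\?.\?.\?.\?.\?.\?\\x15|\\x16.\?.\?.\?.\?.\?.\?.\?.\?\\x16|\\x17.\?.\?.\?.\?.\?.\?.\?.\?\\x17|\
      \\x18.\?.\?.\?.\?.\?.\?.\?.\?\\x18|\\x19.\?.\?.\?.\?.\?.\?.\?.\?\\x19|\\x1a.\?.\?.\?.\?.\?.\?.\?.\?\\x1a|\\x1b.\?.\?.\?.\?.\?.\?.\?.\?\\x1b|\
      \\x1c.\?.\?.\?.\?.\?.\?.\?.\?\\x1c|\\x1d.\?.\?.\?.\?.\?.\?.\?.\?\\x1d|\\x1e.\?.\?.\?.\?.\?.\?.\?.\?\\x1e|\\x1f.\?.\?.\?.\?.\?.\?.\?.\?\\x1f|\
      \\x20.\?.\?.\?.\?.\?.\?.\?.\?\\x20|\\x21.\?.\?.\?.\?.\?.\?.\?.\?\\x21|\\x22.\?.\?.\?.\?.\?.\?.\?.\?\\x22|\\x23.\?.\?.\?.\?.\?.\?.\?.\?\\x23|\
      \\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|\\x25.\?.\?.\?.\?.\?.\?.\?.\?\\x25|\\x26.\?.\?.\?.\?.\?.\?.\?.\?\\x26|\\x27.\?.\?.\?.\?.\?.\?.\?.\?\\x27|\
      \\(.\?.\?.\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?.\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|\
      \\x2c.\?.\?.\?.\?.\?.\?.\?.\?\\x2c|\\x2d.\?.\?.\?.\?.\?.\?.\?.\?\\x2d|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|\\x2f.\?.\?.\?.\?.\?.\?.\?.\?\\x2f|\
      \\x30.\?.\?.\?.\?.\?.\?.\?.\?\\x30|\\x31.\?.\?.\?.\?.\?.\?.\?.\?\\x31|\\x32.\?.\?.\?.\?.\?.\?.\?.\?\\x32|\\x33.\?.\?.\?.\?.\?.\?.\?.\?\\x33|\
      \\x34.\?.\?.\?.\?.\?.\?.\?.\?\\x34|\\x35.\?.\?.\?.\?.\?.\?.\?.\?\\x35|\\x36.\?.\?.\?.\?.\?.\?.\?.\?\\x36|\\x37.\?.\?.\?.\?.\?.\?.\?.\?\\x37|\
      \\x38.\?.\?.\?.\?.\?.\?.\?.\?\\x38|\\x39.\?.\?.\?.\?.\?.\?.\?.\?\\x39|\\x3a.\?.\?.\?.\?.\?.\?.\?.\?\\x3a|\\x3b.\?.\?.\?.\?.\?.\?.\?.\?\\x3b|\
      \\x3c.\?.\?.\?.\?.\?.\?.\?.\?\\x3c|\\x3d.\?.\?.\?.\?.\?.\?.\?.\?\\x3d|\\x3e.\?.\?.\?.\?.\?.\?.\?.\?\\x3e|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\?|\
      \\x40.\?.\?.\?.\?.\?.\?.\?.\?\\x40|\\x41.\?.\?.\?.\?.\?.\?.\?.\?\\x41|\\x42.\?.\?.\?.\?.\?.\?.\?.\?\\x42|\\x43.\?.\?.\?.\?.\?.\?.\?.\?\\x43|\
      \\x44.\?.\?.\?.\?.\?.\?.\?.\?\\x44|\\x45.\?.\?.\?.\?.\?.\?.\?.\?\\x45|\\x46.\?.\?.\?.\?.\?.\?.\?.\?\\x46|\\x47.\?.\?.\?.\?.\?.\?.\?.\?\\x47|\
      \\x48.\?.\?.\?.\?.\?.\?.\?.\?\\x48|\\x49.\?.\?.\?.\?.\?.\?.\?.\?\\x49|\\x4a.\?.\?.\?.\?.\?.\?.\?.\?\\x4a|\\x4b.\?.\?.\?.\?.\?.\?.\?.\?\\x4b|\
      \\x4c.\?.\?.\?.\?.\?.\?.\?.\?\\x4c|\\x4d.\?.\?.\?.\?.\?.\?.\?.\?\\x4d|\\x4e.\?.\?.\?.\?.\?.\?.\?.\?\\x4e|\\x4f.\?.\?.\?.\?.\?.\?.\?.\?\\x4f|\
      \\x50.\?.\?.\?.\?.\?.\?.\?.\?\\x50|\\x51.\?.\?.\?.\?.\?.\?.\?.\?\\x51|\\x52.\?.\?.\?.\?.\?.\?.\?.\?\\x52|\\x53.\?.\?.\?.\?.\?.\?.\?.\?\\x53|\
      \\x54.\?.\?.\?.\?.\?.\?.\?.\?\\x54|\\x55.\?.\?.\?.\?.\?.\?.\?.\?\\x55|\\x56.\?.\?.\?.\?.\?.\?.\?.\?\\x56|\\x57.\?.\?.\?.\?.\?.\?.\?.\?\\x57|\
      \\x58.\?.\?.\?.\?.\?.\?.\?.\?\\x58|\\x59.\?.\?.\?.\?.\?.\?.\?.\?\\x59|\\x5a.\?.\?.\?.\?.\?.\?.\?.\?\\x5a|\\[.\?.\?.\?.\?.\?.\?.\?.\?\\[|\
      \\\\.\?.\?.\?.\?.\?.\?.\?.\?\\\\|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|\\x5f.\?.\?.\?.\?.\?.\?.\?.\?\\x5f|\
      \\x60.\?.\?.\?.\?.\?.\?.\?.\?\\x60|\\x61.\?.\?.\?.\?.\?.\?.\?.\?\\x61|\\x62.\?.\?.\?.\?.\?.\?.\?.\?\\x62|\\x63.\?.\?.\?.\?.\?.\?.\?.\?\\x63|\
      \\x64.\?.\?.\?.\?.\?.\?.\?.\?\\x64|\\x65.\?.\?.\?.\?.\?.\?.\?.\?\\x65|\\x66.\?.\?.\?.\?.\?.\?.\?.\?\\x66|\\x67.\?.\?.\?.\?.\?.\?.\?.\?\\x67|\
      \\x68.\?.\?.\?.\?.\?.\?.\?.\?\\x68|\\x69.\?.\?.\?.\?.\?.\?.\?.\?\\x69|\\x6a.\?.\?.\?.\?.\?.\?.\?.\?\\x6a|\\x6b.\?.\?.\?.\?.\?.\?.\?.\?\\x6b|\
      \\x6c.\?.\?.\?.\?.\?.\?.\?.\?\\x6c|\\x6d.\?.\?.\?.\?.\?.\?.\?.\?\\x6d|\\x6e.\?.\?.\?.\?.\?.\?.\?.\?\\x6e|\\x6f.\?.\?.\?.\?.\?.\?.\?.\?\\x6f|\
      \\x70.\?.\?.\?.\?.\?.\?.\?.\?\\x70|\\x71.\?.\?.\?.\?.\?.\?.\?.\?\\x71|\\x72.\?.\?.\?.\?.\?.\?.\?.\?\\x72|\\x73.\?.\?.\?.\?.\?.\?.\?.\?\\x73|\
      \\x74.\?.\?.\?.\?.\?.\?.\?.\?\\x74|\\x75.\?.\?.\?.\?.\?.\?.\?.\?\\x75|\\x76.\?.\?.\?.\?.\?.\?.\?.\?\\x76|\\x77.\?.\?.\?.\?.\?.\?.\?.\?\\x77|\
      \\x78.\?.\?.\?.\?.\?.\?.\?.\?\\x78|\\x79.\?.\?.\?.\?.\?.\?.\?.\?\\x79|\\x7a.\?.\?.\?.\?.\?.\?.\?.\?\\x7a|\\{.\?.\?.\?.\?.\?.\?.\?.\?\\{|\
      \\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\?.\?\\}|\\x7e.\?.\?.\?.\?.\?.\?.\?.\?\\x7e|\\x7f.\?.\?.\?.\?.\?.\?.\?.\?\\x7f|\
      \\x80.\?.\?.\?.\?.\?.\?.\?.\?\\x80|\\x81.\?.\?.\?.\?.\?.\?.\?.\?\\x81|\\x82.\?.\?.\?.\?.\?.\?.\?.\?\\x82|\\x83.\?.\?.\?.\?.\?.\?.\?.\?\\x83|\
      \\x84.\?.\?.\?.\?.\?.\?.\?.\?\\x84|\\x85.\?.\?.\?.\?.\?.\?.\?.\?\\x85|\\x86.\?.\?.\?.\?.\?.\?.\?.\?\\x86|\\x87.\?.\?.\?.\?.\?.\?.\?.\?\\x87|\
      \\x88.\?.\?.\?.\?.\?.\?.\?.\?\\x88|\\x89.\?.\?.\?.\?.\?.\?.\?.\?\\x89|\\x8a.\?.\?.\?.\?.\?.\?.\?.\?\\x8a|\\x8b.\?.\?.\?.\?.\?.\?.\?.\?\\x8b|\
      \\x8c.\?.\?.\?.\?.\?.\?.\?.\?\\x8c|\\x8d.\?.\?.\?.\?.\?.\?.\?.\?\\x8d|\\x8e.\?.\?.\?.\?.\?.\?.\?.\?\\x8e|\\x8f.\?.\?.\?.\?.\?.\?.\?.\?\\x8f|\
      \\x90.\?.\?.\?.\?.\?.\?.\?.\?\\x90|\\x91.\?.\?.\?.\?.\?.\?.\?.\?\\x91|\\x92.\?.\?.\?.\?.\?.\?.\?.\?\\x92|\\x93.\?.\?.\?.\?.\?.\?.\?.\?\\x93|\
      \\x94.\?.\?.\?.\?.\?.\?.\?.\?\\x94|\\x95.\?.\?.\?.\?.\?.\?.\?.\?\\x95|\\x96.\?.\?.\?.\?.\?.\?.\?.\?\\x96|\\x97.\?.\?.\?.\?.\?.\?.\?.\?\\x97|\
      \\x98.\?.\?.\?.\?.\?.\?.\?.\?\\x98|\\x99.\?.\?.\?.\?.\?.\?.\?.\?\\x99|\\x9a.\?.\?.\?.\?.\?.\?.\?.\?\\x9a|\\x9b.\?.\?.\?.\?.\?.\?.\?.\?\\x9b|\
      \\x9c.\?.\?.\?.\?.\?.\?.\?.\?\\x9c|\\x9d.\?.\?.\?.\?.\?.\?.\?.\?\\x9d|\\x9e.\?.\?.\?.\?.\?.\?.\?.\?\\x9e|\\x9f.\?.\?.\?.\?.\?.\?.\?.\?\\x9f|\
      \\xa0.\?.\?.\?.\?.\?.\?.\?.\?\\xa0|\\xa1.\?.\?.\?.\?.\?.\?.\?.\?\\xa1|\\xa2.\?.\?.\?.\?.\?.\?.\?.\?\\xa2|\\xa3.\?.\?.\?.\?.\?.\?.\?.\?\\xa3|\
      \\xa4.\?.\?.\?.\?.\?.\?.\?.\?\\xa4|\\xa5.\?.\?.\?.\?.\?.\?.\?.\?\\xa5|\\xa6.\?.\?.\?.\?.\?.\?.\?.\?\\xa6|\\xa7.\?.\?.\?.\?.\?.\?.\?.\?\\xa7|\
      \\xa8.\?.\?.\?.\?.\?.\?.\?.\?\\xa8|\\xa9.\?.\?.\?.\?.\?.\?.\?.\?\\xa9|\\xaa.\?.\?.\?.\?.\?.\?.\?.\?\\xaa|\\xab.\?.\?.\?.\?.\?.\?.\?.\?\\xab|\
      \\xac.\?.\?.\?.\?.\?.\?.\?.\?\\xac|\\xad.\?.\?.\?.\?.\?.\?.\?.\?\\xad|\\xae.\?.\?.\?.\?.\?.\?.\?.\?\\xae|\\xaf.\?.\?.\?.\?.\?.\?.\?.\?\\xaf|\
      \\xb0.\?.\?.\?.\?.\?.\?.\?.\?\\xb0|\\xb1.\?.\?.\?.\?.\?.\?.\?.\?\\xb1|\\xb2.\?.\?.\?.\?.\?.\?.\?.\?\\xb2|\\xb3.\?.\?.\?.\?.\?.\?.\?.\?\\xb3|\
      \\xb4.\?.\?.\?.\?.\?.\?.\?.\?\\xb4|\\xb5.\?.\?.\?.\?.\?.\?.\?.\?\\xb5|\\xb6.\?.\?.\?.\?.\?.\?.\?.\?\\xb6|\\xb7.\?.\?.\?.\?.\?.\?.\?.\?\\xb7|\
      \\xb8.\?.\?.\?.\?.\?.\?.\?.\?\\xb8|\\xb9.\?.\?.\?.\?.\?.\?.\?.\?\\xb9|\\xba.\?.\?.\?.\?.\?.\?.\?.\?\\xba|\\xbb.\?.\?.\?.\?.\?.\?.\?.\?\\xbb|\
      \\xbc.\?.\?.\?.\?.\?.\?.\?.\?\\xbc|\\xbd.\?.\?.\?.\?.\?.\?.\?.\?\\xbd|\\xbe.\?.\?.\?.\?.\?.\?.\?.\?\\xbe|\\xbf.\?.\?.\?.\?.\?.\?.\?.\?\\xbf|\
      \\xc0.\?.\?.\?.\?.\?.\?.\?.\?\\xc0|\\xc1.\?.\?.\?.\?.\?.\?.\?.\?\\xc1|\\xc2.\?.\?.\?.\?.\?.\?.\?.\?\\xc2|\\xc3.\?.\?.\?.\?.\?.\?.\?.\?\\xc3|\
      \\xc4.\?.\?.\?.\?.\?.\?.\?.\?\\xc4|\\xc5.\?.\?.\?.\?.\?.\?.\?.\?\\xc5|\\xc6.\?.\?.\?.\?.\?.\?.\?.\?\\xc6|\\xc7.\?.\?.\?.\?.\?.\?.\?.\?\\xc7|\
      \\xc8.\?.\?.\?.\?.\?.\?.\?.\?\\xc8|\\xc9.\?.\?.\?.\?.\?.\?.\?.\?\\xc9|\\xca.\?.\?.\?.\?.\?.\?.\?.\?\\xca|\\xcb.\?.\?.\?.\?.\?.\?.\?.\?\\xcb|\
      \\xcc.\?.\?.\?.\?.\?.\?.\?.\?\\xcc|\\xcd.\?.\?.\?.\?.\?.\?.\?.\?\\xcd|\\xce.\?.\?.\?.\?.\?.\?.\?.\?\\xce|\\xcf.\?.\?.\?.\?.\?.\?.\?.\?\\xcf|\
      \\xd0.\?.\?.\?.\?.\?.\?.\?.\?\\xd0|\\xd1.\?.\?.\?.\?.\?.\?.\?.\?\\xd1|\\xd2.\?.\?.\?.\?.\?.\?.\?.\?\\xd2|\\xd3.\?.\?.\?.\?.\?.\?.\?.\?\\xd3|\
      \\xd4.\?.\?.\?.\?.\?.\?.\?.\?\\xd4|\\xd5.\?.\?.\?.\?.\?.\?.\?.\?\\xd5|\\xd6.\?.\?.\?.\?.\?.\?.\?.\?\\xd6|\\xd7.\?.\?.\?.\?.\?.\?.\?.\?\\xd7|\
      \\xd8.\?.\?.\?.\?.\?.\?.\?.\?\\xd8|\\xd9.\?.\?.\?.\?.\?.\?.\?.\?\\xd9|\\xda.\?.\?.\?.\?.\?.\?.\?.\?\\xda|\\xdb.\?.\?.\?.\?.\?.\?.\?.\?\\xdb|\
      \\xdc.\?.\?.\?.\?.\?.\?.\?.\?\\xdc|\\xdd.\?.\?.\?.\?.\?.\?.\?.\?\\xdd|\\xde.\?.\?.\?.\?.\?.\?.\?.\?\\xde|\\xdf.\?.\?.\?.\?.\?.\?.\?.\?\\xdf|\
      \\xe0.\?.\?.\?.\?.\?.\?.\?.\?\\xe0|\\xe1.\?.\?.\?.\?.\?.\?.\?.\?\\xe1|\\xe2.\?.\?.\?.\?.\?.\?.\?.\?\\xe2|\\xe3.\?.\?.\?.\?.\?.\?.\?.\?\\xe3|\
      \\xe4.\?.\?.\?.\?.\?.\?.\?.\?\\xe4|\\xe5.\?.\?.\?.\?.\?.\?.\?.\?\\xe5|\\xe6.\?.\?.\?.\?.\?.\?.\?.\?\\xe6|\\xe7.\?.\?.\?.\?.\?.\?.\?.\?\\xe7|\
      \\xe8.\?.\?.\?.\?.\?.\?.\?.\?\\xe8|\\xe9.\?.\?.\?.\?.\?.\?.\?.\?\\xe9|\\xea.\?.\?.\?.\?.\?.\?.\?.\?\\xea|\\xeb.\?.\?.\?.\?.\?.\?.\?.\?\\xeb|\
      \\xec.\?.\?.\?.\?.\?.\?.\?.\?\\xec|\\xed.\?.\?.\?.\?.\?.\?.\?.\?\\xed|\\xee.\?.\?.\?.\?.\?.\?.\?.\?\\xee|\\xef.\?.\?.\?.\?.\?.\?.\?.\?\\xef|\
      \\xf0.\?.\?.\?.\?.\?.\?.\?.\?\\xf0|\\xf1.\?.\?.\?.\?.\?.\?.\?.\?\\xf1|\\xf2.\?.\?.\?.\?.\?.\?.\?.\?\\xf2|\\xf3.\?.\?.\?.\?.\?.\?.\?.\?\\xf3|\
      \\xf4.\?.\?.\?.\?.\?.\?.\?.\?\\xf4|\\xf5.\?.\?.\?.\?.\?.\?.\?.\?\\xf5|\\xf6.\?.\?.\?.\?.\?.\?.\?.\?\\xf6|\\xf7.\?.\?.\?.\?.\?.\?.\?.\?\\xf7|\
      \\xf8.\?.\?.\?.\?.\?.\?.\?.\?\\xf8|\\xf9.\?.\?.\?.\?.\?.\?.\?.\?\\xf9|\\xfa.\?.\?.\?.\?.\?.\?.\?.\?\\xfa|\\xfb.\?.\?.\?.\?.\?.\?.\?.\?\\xfb|\
      \\xfc.\?.\?.\?.\?.\?.\?.\?.\?\\xfc|\\xfd.\?.\?.\?.\?.\?.\?.\?.\?\\xfd|\\xfe.\?.\?.\?.\?.\?.\?.\?.\?\\xfe|\\xff.\?.\?.\?.\?.\?.\?.\?.\?\\xff)"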
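  # Packet-marking (classification) rules that feed the queue tree. These are mangle
  # rules only: nothing here accepts or drops traffic, so this listing is not a
  # firewall policy and needs separate /ip firewall filter rules on the WAN side.
  #
  # Rules are evaluated top to bottom and every active rule uses passthrough=no, so
  # the first match decides the mark. "*_in" marks are set in prerouting on packets
  # arriving on pppoe-out1, "*_out" marks in postrouting on packets leaving through it.
  #
  # Fixes against the pasted version:
  #  - the whole rule set was pasted twice; the second copy could never match WAN
  #    traffic because the catch-all "Other packets" rules already ended processing
  #    with passthrough=no, so the duplicate copy is dropped;
  #  - the first rule had in-interface=""pppoe-out1"" (doubled quotes).
  #
  # Caveat: every match below (protocol, port, payload bytes) is chosen by the remote
  # sender. A WAN host can pick ICMP or UDP source port 53 to land in the classes the
  # queue tree gives priority 1, so keep those classes rate-limited and do not read a
  # mark as proof of what the traffic is.
  /ip firewall mangle
  # Disabled placeholder; the mark "internet-in" is not used by any queue in this listing.
  add action=mark-packet chain=prerouting disabled=yes in-interface="pppoe-out1" \
      new-packet-mark=internet-in

  # ICMP. Despite the comment text, the inbound rule matches all ICMP arriving from
  # the WAN (echo requests included), not only responses.
  add action=mark-packet chain=prerouting comment="ICMP responses" \
      in-interface="pppoe-out1" new-packet-mark=icmp_in passthrough=no protocol=icmp
  add action=mark-packet chain=postrouting comment="ICMP requests to WAN" \
      new-packet-mark=icmp_out out-interface="pppoe-out1" passthrough=no protocol=icmp

  # DNS over UDP only; DNS over TCP falls through to the later rules.
  add action=mark-packet chain=prerouting comment="DNS response packets" \
      in-interface="pppoe-out1" new-packet-mark=dns_in passthrough=no protocol=udp \
      src-port=53
  add action=mark-packet chain=postrouting comment="DNS request packets" \
      dst-port=53 new-packet-mark=dns_out out-interface="pppoe-out1" passthrough=no \
      protocol=udp

  # SIP, identified by the connection-tracking helper (connection-type=sip); this
  # presumably requires the SIP helper to be enabled - confirm on the router.
  add action=mark-packet chain=prerouting comment="SIP from WAN" \
      connection-type=sip in-interface="pppoe-out1" new-packet-mark=sip_in \
      passthrough=no
  add action=mark-packet chain=postrouting comment="SIP to WAN" \
      connection-type=sip new-packet-mark=sip_out out-interface="pppoe-out1" \
      passthrough=no

  # Skype-to-Skype via the loose "skypetoskype" L7 pattern, with no protocol
  # restriction. It sits above the HTTP rules, so any early packet that happens to
  # match is marked skype_* instead. L7 matching only covers the start of a
  # connection; MikroTik's guidance is to mark the connection on an L7 hit and then
  # mark packets by connection-mark, which would also cut the per-packet regex cost.
  add action=mark-packet chain=prerouting \
      comment="Skype->Skype from WAN (Layer7, false positives/negatives possible)" \
      in-interface="pppoe-out1" layer7-protocol=skypetoskype new-packet-mark=skype_in \
      passthrough=no
  add action=mark-packet chain=postrouting \
      comment="Skype->Skype to WAN (Layer7, false positives/negatives possible)" \
      layer7-protocol=skypetoskype new-packet-mark=skype_out \
      out-interface="pppoe-out1" passthrough=no

  # "Small" web sessions: TCP 80/443 while the connection has transferred at most
  # 500000 bytes (inbound rule) or 100000 bytes (outbound rule). Beyond that the
  # packets fall through to the catch-all rules.
  add action=mark-packet chain=prerouting comment="Small HTTP sessions from WAN" \
      connection-bytes=0-500000 in-interface="pppoe-out1" \
      new-packet-mark=small_http_in passthrough=no protocol=tcp src-port=80,443
  add action=mark-packet chain=postrouting comment="Small HTTP session to WAN" \
      connection-bytes=0-100000 dst-port=80,443 new-packet-mark=small_http_out \
      out-interface="pppoe-out1" passthrough=no protocol=tcp

  # Skype<->POTS via the 255-alternative "skypeout" pattern, UDP only. This regex is
  # run against UDP traffic that reaches this point, which is why it is CPU heavy.
  add action=mark-packet chain=prerouting \
      comment="Skype<->POTS from WAN (Layer7; CPU heavy)" in-interface="pppoe-out1" \
      layer7-protocol=skypeout new-packet-mark=skype_in passthrough=no protocol=udp
  add action=mark-packet chain=postrouting \
      comment="Skype<->POTS to WAN (Layer7; CPU heavy)" layer7-protocol=skypeout \
      new-packet-mark=skype_out out-interface="pppoe-out1" passthrough=no protocol=udp

  # Catch-all: everything else crossing the WAN interface.
  add action=mark-packet chain=prerouting comment="Other packets from WAN" \
      in-interface="pppoe-out1" new-packet-mark=other_in passthrough=no
  add action=mark-packet chain=postrouting comment="Other packets to WAN" \
      new-packet-mark=other_out out-interface="pppoe-out1" passthrough=no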
  154.  
  # HTB queue tree: two parents under "global" ("input" 35M, "output" 10M) and one
  # leaf per packet mark set by the mangle rules. Priority 1 is served first, 8 last;
  # other_in/other_out set no priority and so use the RouterOS default.
  #
  # NOTE(review): the parents carry packet-mark=input / packet-mark=output, but no
  # mangle rule in this listing sets those marks - confirm the parents behave as
  # intended on your RouterOS version, or clear the mark on them.
  # NOTE(review): icmp_* and dns_* run at priority 1 with max-limit equal to the
  # whole parent rate. Both classes are trivially reachable from the WAN (any ICMP,
  # any UDP packet with source port 53), so a flood in either can crowd out SIP and
  # everything below it; a much smaller max-limit on those leaves bounds that.
  # Shaping inbound traffic here also happens after it has crossed the WAN link,
  # so it cannot protect the link itself from saturation.
  /queue tree
  # Parents (inner queues).
  add max-limit=35M name=input packet-mark=input parent=global priority=1
  add max-limit=10M name=output packet-mark=output parent=global priority=1

  # SIP signalling.
  add max-limit=35M name=sip_in packet-mark=sip_in parent=input priority=2 queue=default
  add max-limit=10M name=sip_out packet-mark=sip_out parent=output priority=2 queue=default

  # Everything not classified by an earlier mangle rule.
  add max-limit=30M name=other_in packet-mark=other_in parent=input queue=default
  add max-limit=8M name=other_out packet-mark=other_out parent=output queue=default

  # Short web sessions.
  add max-limit=30M name=small_http_in packet-mark=small_http_in parent=input priority=7 \
      queue=default
  add max-limit=8M name=small_http_out packet-mark=small_http_out parent=output priority=7 \
      queue=default

  # DNS. The stored comment on dns_in is the author's description of the whole tree.
  add comment="Traffic queues of different classes - for QoS. Can restrict data rate/set priority here.\
      \nNote that these rules use packet marks in order to identify traffic.\
      \nSee IP -> Firewall -> Mangle for marking rules" \
      max-limit=35M name=dns_in packet-mark=dns_in parent=input priority=1 queue=default
  add max-limit=10M name=dns_out packet-mark=dns_out parent=output priority=1 queue=default

  # Skype (both L7 patterns share these marks).
  add max-limit=35M name=skype_in packet-mark=skype_in parent=input priority=3 queue=default
  add max-limit=10M name=skype_out packet-mark=skype_out parent=output priority=3 queue=default

  # ICMP.
  add max-limit=35M name=icmp_in packet-mark=icmp_in parent=input priority=1 queue=default
  add max-limit=10M name=icmp_out packet-mark=icmp_out parent=output priority=1 queue=default